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SECOND DECLARATION OF MARK TOWNS END PURSUANT TO 37 CFR g 1.131 



In support of my claim of prior invention of the invention described in the referenced 
application in view of the Sung et al. reference cited in the June 29, 2007, office action, I hereby 
declare as follows: 

1 . My name is Mark Townsend. I am an applicant and co-inventor of the invention 
described and claimed in the referenced patent application. 

2. I incorporate herein by reference the statements made in my Declaration signed October 
25, 2007. 

3. In response to the May 23, 2008, advisory action received in this application, I hereby 
state and acknowledge that the activities described in my October 25, 2007, Declaration relied 
upon to establish a date of prior invention of the invention described in the pending application 
were carried out in this country, the United States of America. 

4. In my October 25, 2007, Declaration, I described activity beginning in January 2003 and 
running through early August 2003. In that declaration, I omitted reference to activity occurring 
in March 2003. However, I note that I and others working with me at my direction and request 
continued to work toward development of the invention during the period between February 28, 
2003, and April 15, 2003. Specifically, Steve Pettit (a co-applicant) instructed Salo Fajer and 
Tom May to carry out particular coding actions that we believed would lead to development of 
the invention. Throughout March 2003, Steve Pettit communicated telephonically with either or 
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both of Messrs. Fajer and May and myself regarding the project. I have been unable to locate 
any specific written communications between us, but I believe that they may exist. 

5. In addition, to co-inventor Mr. Pettit's activities, I note that I was also contemplating the 
features of the invention that would have to be implemented for a suitable solution to the 
identified problem described in the pending application. I note that one of those features was the 
identification of the source of an intrusion so that the focus of a response could be directed to a 
particular network entry device rather than the entire network, or at least a substantial portion of 
the network. I identified this issue in an email exchange with a co -employee, Scott Ostrenga, 
that occurred on March 3, 2003. A copy of at least a portion of that exchange accompanies this 
declaration as Exhibit X. While the language used in the attached communication is not identical 
to the text of the patent application, I recall that this intrusion source location identification was 
an aspect of the present invention that was under consideration in the discussions with the 
inventors and programmers in March 2003. Also, this feature is described at least in pending 
Claim 2 of the application. 

6. While I remained committed during March 2003 to working toward development of the 
invention as noted by my exchange with Mr. Ostrenga and my exchanges with Steve Pettit 
regarding communications with Messrs. Fajer and May, at the same time my employer, 
Enterasys Networks, assignee of the invention, was in a time period critical to its ongoing 
existence. Specifically, in 2002, the company had gone through significant turmoil resulting 
from several accounting indiscretions. It was an imperative established by senior management 
that the company exhibit good sales activities in the first quarter of 2003 to persuade investors 
that the company was moving in a positive direction. I, as a sales engineering manager, along 
with most all other employees of the company, was directed to focus all of my efforts on 
generating sales, particularly as the first quarter drew to a close in March 2003. For that reason, 
all of my working time was spent on closing sales. I and my co-inventors were limited in our 
ability to work on the invention. Nevertheless, as I have stated, we were able to continue 
working on the invention, but at a reduced pace. 

7. Upon information and belief, the invention described in the referenced application was 
conceived at least as of January 2, 2003, and diligently reduced to practice no later than August 
6, 2003, with no lapse in activity throughout that period. All such activity occurred in the United 
States of America. 
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8. I hereby declare that all statements made herein of my own knowledge are true and that 
all statements made on information and belief are believed to be true; and further that these 
statements were made with the knowledge that willful false statements and the like so made are 
punishable by fine or imprisonment, or both, under 18 USC 1001 and that such willful false 
statements may jeopardize thejvajidityxifj^^ or afW patent issued. 




Mark Townsend, Applicant 



Original Message 

From: upn-request 

Sent: Tuesday, March 04, 2003 12:01 PM 
To : Upn 

Subject: UPN digest, Vol 1 #418 - 2 msgs 

Send UPN mailing list submissions to 
upn@enterasys . com 

To subscribe or unsubscribe via the Intranet, visit 

http: //maillist/mailman/listinfo/upn 
or, via email, send a message with subject or body 'help' to 

upn-request@enterasys . com 

You can reach the person managing the list at 
upn-admin@enterasys . com 

When replying, please edit your Subject line so it is more specific 
than "Re: Contents of UPN digest..." 



Today's Topics: 

1. Locating Users with Compass (Townsend, Mark) 

2. RE: Locating Users with Compass (Connault, Jean-Fabien) 



Message: 1 

Date: Mon, 3 Mar 2003 16:38:45 -0500 
From: "Townsend, Mark" <markt@enterasys . com> 
To: "Upn" <upn@maillist .enterasys . com> 
Subject: [UPN] Locating Users with Compass 
Reply-To: upn@enterasys.com 

Scott, 

If the user authenticated you could read the credentials associated on 
the port. The only thing I believe you could learn of any value is the 
Host name of the system. 

I believe without authentication you could log into the Novell Directory 
to reverse lookup the IP to the credentials {not Compass). 

Good reason for them to consider 802. lx authentication. 

>Mark 

Mark D. Townsend 
Enterasys Networks 
978 684 1623 



Today's Topics: 

1. Locating Users with Compass ' (Ostrenga, Scott) 



Message: 1 

Date: Mon, 3 Mar 2003 00:49:23 -0500 

From: "Ostrenga, Scott" <sostreng@enterasys . com> 

To: "netsight" <netsight@enterasys . com> 

Cc: "Upn" <upn@maillist . enterasys . com> 

Subject: [UPN] Locating Users with Compass 

Reply-To: upn@enterasys.com 

Hi Tech Gurus, 

I have a customer with a mix of products from 9000 's to 6000 's to VH's, 
E5 ' s and E7 ' s . 

They use a combination of Win95, 98, NT, 2K and XP. 

They use MS Clients on the 2K and XP machines and Novell's Client on 95, 
98. 

The users log in to a Novell Directory Services backend. 

The customer's anti-virus software will email him with a user's computer 
name (useless) and IP address {useful but not specific enough) when it 
finds a virus on a PC. His challenge is to ID that user by user name, 
not just switch, switch port number, and MAC address. 

The Question is "What behavior can I expect from Compass when doing a 
search on an IP address? Will I be able to identify the user by user 
name specifically? " 

Best Regards, 

Scott Ostrenga 

List-Help : <mailto : switching-request 8maillist . ctron . com?sub j ect=help> 
List- Post : <mailto: switching@maillist . ctron. com> 

List-Subscribe: <http : //maillist . ctron . com/mailman/listinf o/switching>, 
<mailto: switching-request§maillist . ctron. com?sub j ect=subscribe> 
List-Id: <switching. maillist. ctron. com> 
List-Unsubscribe: 

<http: //maillist . ctron. com/mailman/listinf o/switchin.g>, 
<mailto : switching-requestSmaillist . ctron . com?subject=unsubscribe> 
List-Archive: <http: //maillist . ctron. com/cgi-bin/swish-cgi .pi /> 
Switching mailing list 

Switching@enterasys . com http: //maillist/mailman/listinfo/switching 



List-Help : <mailto : upn-request @maillist , ctron . com?sub j ect=help> 
List-Post : <mailto: upn@maillist . ctron . com> 
List-Subscribe : 

<http : / /maillist/mailman/listinf o/upn>, <mailto : upn-request@maillist . ctro 

n.com?subject=subscribe> 

List-Id: <upn@enterasys . com> 

List-Unsubscribe : <http: //maillist . ctron . com/mailman/listinf o/upn>, 
<mailto : upn-request@maillist . ctron . com?subj ect=unsubscribe> 
List-Archive : <http : //maillist . ctron . com/cgi-bin/swish-cgi . pl> 
UPN mailing list 
UPN@enterasys.com 

http: //maillist/mailman/listinfo/upn 



End of UPN Digest 



Message: 2 

Subject: RE: [UPN] Locating Users with Compass 
Date: Tue, 4 Mar 2003 08:29:05 -0500 

From: "Connault, Jean-Fabien" <Jean-Fabien.Connault@enterasys .com> 
To: "Upn" <upn@maillist.enterasys.com> 
Reply-To: upn@enterasys.com 



Hi, 

If we know about the IP, we can find the associated MAC (first step) . 
Once we know the MAC, we can find the associated username (second step) 
when 8 02. IX is on. 

So this would be a 2 steps process in Compass (2 searches) . 

With PWA, if we know about the IP, we can find directly the associated 
username . 

So, here this is a 1 step process in Compass (1 search) . 

In a future rev of Compass we may implement dynamic IP to MAC 
resolution, meaning that if you search an IP, Compass will look for the 
IP in various tables, but will look for the resolved MAC too, so for 
example 802. IX username would show up directly {one step search) as we 
know the MAC. This would allow to locate IP addresses on switch ports, 
even if the switch doesn't support Node/Alias or something similar (at 
L3). 

JEFF 

Original Message 

From: Townsend, Mark 

Sent: lundi 3 mars 2003 22:39 

To : Upn 

Subject: [UPN] Locating Users with Compass 



Scott, 

If the user authenticated you could read the credentials associated on 
the port. The only thing I believe you could learn of any value is the 
Host name of the system. 

I believe without authentication you could log into the Novell Directory 
to reverse lookup the IP to the credentials (not Compass) . 

Good reason for them to consider 802. Ix authentication. 

>Mark 

Mark D. Townsend 
Enterasys Networks 
978 684 1623 



Today's Topics: 

1. Locating Users with Compass (Ostrenga, Scott) 



Message: 1 

Date: Mon, 3 Mar 2003 00:49:23 -0500 

From: "Ostrenga, Scott" <sostreng@enterasys . com> 

To: "netsight" <netsight@enterasys . cora> 

Cc: "Upn" <upn@maillist.enterasys.com> 

Subject: [UPN] Locating Users with Compass 

Reply-To: upn@enterasys.com 

Hi Tech Gurus, 

I have a customer with a mix of products from 9000 's to 6000' s to VH's, 
E5's and E7's. 

They use a combination of Win95, 98, NT, 2K and XP. 

They use MS Clients on the 2K and XP machines and Novell's Client on 95, 
98. 

The users log in to a Novell Directory Services backend. 

The customer's anti-virus software will email him with a user's computer 
name (useless) and IP address (useful but not specific enough) when it 
finds a virus on a PC. His challenge is to ID that user by user name, 
not just switch, switch port number, and MAC address. 

The Question is "What behavior can I expect from Compass when doing a 
search on an IP address? Will I be able to identify the user by user 
name specifically? " 

Best Regards, 

Scott Ostrenga 

List-Help : <mailto : switching-request Smaillist . ctron . com?sub j ect=help> 
List-Post : <mailto : switching@maillist . ctron . com> 

List-Subscribe : <http : //maillist . ctron . com/mailman/listinf o/switching>, 
■Cmailto: switching-request Smaillist . ctron . com? sub ject=subscribe> 
List-Id: <switching. maillist . ctron. com> 
List-Unsubscribe : 

<http: //maillist .ctron. com/mailman/listinf o/switching>, 
<mailto : switching-requestSmaillist . ctron. com?sub ject=unsubscribe> 
List-Archive : <http: //maillist . ctron . com/cgi-bin/swish-cgi . pl/> 
Switching mailing list 

SwitchingSenterasys . com http : //maillist/mailman/listinf o/switching 



List-Help : -cmailto : upn-request@maillist . ctron. com?subj ect=help> 
List-Post : <mailto : upn@maillist . ctron . com> 
List-Subscribe : 

<http: / /maillist/mailman/listinf o/upn>, <mailto : upn-request@maillist . ctro 
n . com?sub j ect=subscribe> 
List-Id: <upn@enterasys . com> 

List-Unsubscribe : <http : //maillist . ctron . com/mailman/listinf o/upn>, 
<mailto : upn-request@maillist . ctron . com?sub j ect=unsubscribe> 
List-Archive: <http: //maillist. ctron. com/cgi-bin/swish-cgi. pl> 
UPN mailing list 



UPN@enterasys . com 

http : / /maillist/mailman/listinfo/upn 
End of UPN Digest 



List-Help : <mailto : upn-request@maillist . ctron . com?subj ect=help> 

List-Post : <mailto : upn@maillist . ctron. com> 

List-Subscribe: 

<http: / /maillist/mailman/listinf o/upn>, <mailto:upn-request@maillist . ctro 
n. com? subject =subscribe> 
List-Id: <upn@enterasys.com> 

List-Unsubscribe : <http: //maillist . ctron. com/mailman/listinfo/upn>, 
<mailto : upn-request@maillist . ctron. com?subj ect=unsubscribe> 
List-Archive : <http: //maillist . ctron. com/cgi-bin/swish-cgi .pl> 
UPN mailing list 
UPN@enterasys . com 

http: //maillist/mailman/listinfo/upn 



List-Help : <mailto : upn-request@maillist . ctron . com?subj ect=help> 
List-Post : <mailto:upn@maillist . ctron . com> 

List-Subscribe : <http : //maillist /mailman/listinf o/upn>, <mailto : upn- 
request@maillist .ctron. com?subject=subscribe> 
List-Id: <upn@enterasys . com> 

List-Unsubscribe : <http: //maillist . ctron. com/mailman/listinf o/upn>, 
<mailto : upn-request@maillist . ctron. com?subject=unsubscribe> 
List-Archive : <http : / /maillist . ctron . com/cgi-bin/swish-cgi . pl> 
UPN mailing list 
UPN@enterasys . com 

http: / /maillist/mailman/listinfo/upn 



End of UPN Digest 



